CN104834860A - Dynamic warehousing method for security events - Google Patents
Dynamic warehousing method for security events Download PDFInfo
- Publication number
- CN104834860A CN104834860A CN201510231920.9A CN201510231920A CN104834860A CN 104834860 A CN104834860 A CN 104834860A CN 201510231920 A CN201510231920 A CN 201510231920A CN 104834860 A CN104834860 A CN 104834860A
- Authority
- CN
- China
- Prior art keywords
- business object
- security incident
- database
- dynamic
- definition
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 18
- 238000013507 mapping Methods 0.000 claims description 15
- 238000013506 data mapping Methods 0.000 claims description 4
- 230000008878 coupling Effects 0.000 claims description 3
- 238000010168 coupling process Methods 0.000 claims description 3
- 238000005859 coupling reaction Methods 0.000 claims description 3
- 238000013501 data transformation Methods 0.000 claims description 3
- 230000013011 mating Effects 0.000 claims description 3
- 230000006870 function Effects 0.000 abstract description 13
- 230000005540 biological transmission Effects 0.000 abstract 1
- 238000004806 packaging method and process Methods 0.000 abstract 1
- 238000004454 trace mineral analysis Methods 0.000 abstract 1
- 230000000875 corresponding effect Effects 0.000 description 25
- 238000011161 development Methods 0.000 description 3
- 230000001276 controlling effect Effects 0.000 description 2
- 230000008520 organization Effects 0.000 description 2
- 238000001514 detection method Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 239000004575 stone Substances 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/25—Integrating or interfacing systems involving database management systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/284—Relational databases
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention relates to a dynamic warehousing method for security events. The method comprises the following steps: S1, defining warehousing rules by using an XML (Extensive Markup Language) format file; S2, loading the warehousing rules defined in the step S1; S3, packaging designated database operation function plug-ins as a DLL (Dynamic Link Library), and loading the DLL; S4, starting TCP (Transmission Control Protocol) network service, receiving the collected security events, and defining the collected security events as service objects; S5, converting data of the service objects received in the step S4 into general JSON (JavaScript Object Notation) formats; S6, matching the service objects in the step S5 with the corresponding warehousing rules; S7, generating a corresponding SQL (Structured Query Language) sentence set according to the corresponding warehousing rules matched in the step S6; S8, calling the corresponding database operation function plug-ins to execute corresponding SQL sentences according to database types corresponding to the service objects. According to the dynamic warehousing method for the security events, various security events can be conveniently stored in various types of databases, and further trace analysis is facilitated for security technical analysts.
Description
Technical field
the present invention relates to Intrusion Detection field, particularly the dynamic storage method of a kind of security incident.
Background technology
Present network intrusions becomes increasingly complex, the emphasis target of attack of hacker is become at the leak of network application layer, when utilizing the leak of network application layer to attack, the data (attack script) of assailant are very strange, walk around various safety monitoring system by every means,, by these security incidents with unconventional content, accurately be saved in various relational database clear classifying, be also a loaded down with trivial details careful and important job.For warehouse-in working link, conventional security supervisory systems will run into following two problems: cast the first stone mode just in dynamic change, the security incident type that safety product can identify also must be segmented further, and the cycle of change is shorter and shorter, cause program code frequent updating to be revised, cause application system instability; Secondly more single to relational database support, multiple relational database cannot be supported simultaneously, thus complicated client's production environment cannot be met, even if also needs can be met carry out more customized development.Dynamic storage method is adopted to solve the problem very well, thus the dirigibility of raising system, stability and extendability.
Summary of the invention
In view of this, the object of the invention is to propose the dynamic storage method of a kind of security incident, support that custom security event information is dynamically put in storage, support multiple relational database simultaneously.
The following scheme of employing of the present invention realizes: the dynamic storage method of a kind of security incident, specifically comprises the following steps:
Step S1: adopt XML format document definition putaway rule;
Step S2: load the putaway rule that step S1 has defined;
Step S3: the database manipulation feature card of specifying is encapsulated as dynamic base DLL, and loads described dynamic base DLL, in order to realize unified database manipulation interface and dynamic call afterwards.
Step S4: start TCP network service, receives the security incident collected, and the security incident collected is defined as business object;
Step S5: be general JSON form by the data transformations of the business object received in step S4; Wherein, JSON business object has Key and Value value, is simple and easy to use, can combine with data sheet field.
Step S6: by putaway rule corresponding for the business object coupling in step S5; Also determine the corresponding relation between business object attribute and database table field simultaneously.Supporting business object and database table one to one, the mapping relations of one-to-many.
Step S7: generate corresponding SQL statement set according to the putaway rule of the correspondence of mating in step S6;
Step S8: the type of database corresponding according to business object, calls corresponding database manipulation feature card and performs corresponding SQL statement, in order to business object to be entered in the corresponding data table in the database of corresponding types; Wherein, transaction controlling granularity is single business object.
Further, described putaway rule configuration item comprises the definition of business object essential information, business object and the definition of tables of data mapping relations, business object attribute and the definition of data sheet field mapping relations, the relevant SQL statement definition of business object, business object and associated data table mapping definition and business object attribute and associated data literary name section mapping relations and defines.
Further, described specified database plug-in unit comprises Oracle operating function plug-in unit, MySQL operating function plug-in unit, SQLITE operating function plug-in unit and Sybase operating function plug-in unit.
Further, described business object has the business object type coding and business tine information that communicating pair appoints.
Further, described SQL statement set comprise build predicative sentence, index statement and insert statement.
Compared with prior art, the present invention can revise warehouse-in program code, only needs to revise dynamic putaway rule configuration information, just can meet new business function.The present invention can reduce formula of enumerating code development that business change causes in a large number, repeat compiling work.Improve program flexibility, stability and extendability, can also a business object be saved in multiple tables of data of multiple different database simultaneously.
Accompanying drawing explanation
Fig. 1 is method flow schematic diagram of the present invention.
Fig. 2 is embodiments of the invention Organization Chart.
Embodiment
Below in conjunction with drawings and Examples, the present invention will be further described.
As shown in Figure 1, present embodiments provide the dynamic storage method of a kind of security incident, specifically comprise the following steps:
Step S1: adopt XML format document definition putaway rule;
Step S2: load the putaway rule that step S1 has defined;
Step S3: the database manipulation feature card of specifying is encapsulated as dynamic base DLL, and loads described dynamic base DLL, in order to realize unified database manipulation interface and dynamic call afterwards.
Step S4: start TCP network service, receives the security incident collected, and the security incident collected is defined as business object;
Step S5: be general JSON form by the data transformations of the business object received in step S4; Wherein, JSON business object has Key and Value value, is simple and easy to use, can combine with data sheet field.
Step S6: by putaway rule corresponding for the business object coupling in step S5; Also determine the corresponding relation between business object attribute and database table field simultaneously.Supporting business object and database table one to one, the mapping relations of one-to-many.
Step S7: generate corresponding SQL statement set according to the putaway rule of the correspondence of mating in step S6;
Step S8: the type of database corresponding according to business object, calls corresponding database manipulation feature card and performs corresponding SQL statement, in order to business object to be entered in the corresponding data table in the database of corresponding types; Wherein, transaction controlling granularity is single business object.
In the present embodiment, described putaway rule configuration item comprises the definition of business object essential information, business object and the definition of tables of data mapping relations, business object attribute and the definition of data sheet field mapping relations, the relevant SQL statement definition of business object, business object and associated data table mapping definition and business object attribute and associated data literary name section mapping relations and defines.
In the present embodiment, described specified database plug-in unit comprises Oracle operating function plug-in unit, MySQL operating function plug-in unit, SQLITE operating function plug-in unit and Sybase operating function plug-in unit.
In the present embodiment, described business object has the business object type coding and business tine information that communicating pair appoints.
In the present embodiment, the SQL statement set stated comprise build predicative sentence, index statement and insert statement.
Preferably, in the present embodiment, business object and tables of data mapping relations are defined as follows shown in table.
| Attribute | Describe |
| id | Business object type coding |
| name | Tables of data title |
| table_type | Data table types: monthly, daily submeter and not submeter |
| name_rel_col | Monthly, the related column title of daily submeter |
| db_type | Type of database: oracle, mysql, sqlite, sybase etc. |
In the present embodiment, business object attribute and data sheet field mapping relations are defined as follows shown in table.
| Attribute | Describe |
| db_name | Tables of data respective column title |
| bo_name | The corresponding Property Name of business object, the key of corresponding json business object |
| data_type | Data type |
| max_len | Data type maximum length |
| default_value | Fixed value is adopted to fill this row |
| user_var | Predefine global variable is adopted to fill this row |
In the present embodiment, the corresponding SQL statement of tables of data is defined as follows shown in table.
| Attribute | Describe |
| create_sql | The statement build predicative sentence, indexing |
| insert_sql | Preserve the insertion statement of data |
In the present embodiment, business object and associated data table mapping definition as shown in the table.
| Attribute | Describe |
| rel_id | Contingency table ID |
| src_id | Source business object type coding |
| dst_id | Target service object type is encoded |
In the present embodiment, business object attribute and associated data literary name section mapping relations are defined as follows shown in table.
| Attribute | Describe |
| dst_col | Associated data table target column, corresponding data table db_name |
| src_col | The corresponding Property Name of business object, the key of corresponding json business object |
| default_value | Fixed value is adopted to fill this row |
| user_var | Predefine global variable is adopted to fill this row |
Especially, the present embodiment additionally provides the method and applies in Safety Industry application system, and concrete Organization Chart as shown in Figure 2.Each security module gathers security incident, then security incident is transmitted to Correspondent.Correspondent is responsible for the security incident received dynamically to write local data base, also security incident can be forwarded to telesecurity center simultaneously.Correspondent program dynamically puts engine in storage by event, database function plug-in unit, putaway rule, Event Forwarding Module form, above the host server being deployed in user.When event acquisition module being carried out to renewal expansion, when increasing newly or revising security incident, only needing to upgrade putaway rule, and not needing to upgrade Correspondent program.
In sum, the present invention adopts dynamic putaway rule to carry out corresponding configuration according to the attribute of business object, corresponding database SQL statement is generated according to its configuration, row in the attribute of business object and corresponding data table are carried out dynamic binding by field mappings relation, guarantee tables of data dynamic creation, the dynamic warehouse-in of business object.Method can revise warehouse-in program code, only need to revise dynamic putaway rule configuration information, just can meet new business function.The present invention reduces formula of enumerating code development that business change causes in a large number, repeats compiling work.Improve program flexibility, stability and extendability, can also a business object be saved in multiple tables of data of multiple different database simultaneously.
The foregoing is only preferred embodiment of the present invention, all equalizations done according to the present patent application the scope of the claims change and modify, and all should belong to covering scope of the present invention.
Claims (5)
1. the dynamic storage method of security incident, is characterized in that comprising the following steps:
Step S1: adopt XML format document definition putaway rule;
Step S2: load the putaway rule that step S1 has defined;
Step S3: the database manipulation feature card of specifying is encapsulated as dynamic base DLL, and loads described dynamic base DLL;
Step S4: start TCP network service, receives the security incident collected, and the security incident collected is defined as business object;
Step S5: be general JSON form by the data transformations of the business object received in step S4;
Step S6: by putaway rule corresponding for the business object coupling in step S5;
Step S7: generate corresponding SQL statement set according to the putaway rule of the correspondence of mating in step S6;
Step S8: the type of database corresponding according to business object, calls corresponding database manipulation feature card and performs corresponding SQL statement, in order to business object to be entered in the corresponding data table in the database of corresponding types; Wherein, transaction controlling granularity is single business object.
2. the dynamic storage method of a kind of security incident according to claim 1, is characterized in that: described putaway rule configuration item comprises the definition of business object essential information, business object and the definition of tables of data mapping relations, business object attribute and the definition of data sheet field mapping relations, the relevant SQL statement definition of business object, business object and associated data table mapping definition and business object attribute and associated data literary name section mapping relations and defines.
3. the dynamic storage method of a kind of security incident according to claim 1, is characterized in that: described specified database plug-in unit comprises Oracle operating function plug-in unit, MySQL operating function plug-in unit, SQLITE operating function plug-in unit and Sybase operating function plug-in unit.
4. the dynamic storage method of a kind of security incident according to claim 1, is characterized in that: described business object has the business object type coding and business tine information that communicating pair appoints.
5. the dynamic storage method of a kind of security incident according to claim 1, is characterized in that: described SQL statement set comprise build predicative sentence, index statement and insert statement.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510231920.9A CN104834860B (en) | 2015-05-09 | 2015-05-09 | A kind of security incident dynamic storage method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510231920.9A CN104834860B (en) | 2015-05-09 | 2015-05-09 | A kind of security incident dynamic storage method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104834860A true CN104834860A (en) | 2015-08-12 |
| CN104834860B CN104834860B (en) | 2018-01-12 |
Family
ID=53812742
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510231920.9A Active CN104834860B (en) | 2015-05-09 | 2015-05-09 | A kind of security incident dynamic storage method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104834860B (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108874847A (en) * | 2017-12-26 | 2018-11-23 | 北京安天网络安全技术有限公司 | Matching process, device, electronic equipment and the storage medium of custom rule |
| CN109684329A (en) * | 2018-12-13 | 2019-04-26 | 高新兴科技集团股份有限公司 | A kind of method for managing resource based on data center apparatus |
| CN110263079A (en) * | 2019-05-31 | 2019-09-20 | 帷幄匠心科技(杭州)有限公司 | Data distribution enters library processing method and system |
| CN111147521A (en) * | 2020-01-02 | 2020-05-12 | 深圳市高德信通信股份有限公司 | Enterprise private network security event management system |
| CN111190607A (en) * | 2020-01-02 | 2020-05-22 | 广州虎牙科技有限公司 | Task plug-in processing method and device, task scheduling server and storage medium |
| CN112182637A (en) * | 2019-07-04 | 2021-01-05 | 中移信息技术有限公司 | Safety control system, method, device and storage medium |
| CN112506927A (en) * | 2020-12-04 | 2021-03-16 | 浪潮云信息技术股份公司 | Performance data storage method under cloud environment |
| CN114706918A (en) * | 2022-06-01 | 2022-07-05 | 杭州安恒信息技术股份有限公司 | A multi-type database compatible method, device, device and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101277272A (en) * | 2008-05-16 | 2008-10-01 | 北京航空航天大学 | A Realization Method of Massive Broadcasting Data Storage |
| CN102426582A (en) * | 2011-09-29 | 2012-04-25 | 用友软件股份有限公司 | Data operation management device and data operation management method |
| CN103678423A (en) * | 2012-09-26 | 2014-03-26 | 深圳市世纪光速信息技术有限公司 | Data file input system, device and method |
-
2015
- 2015-05-09 CN CN201510231920.9A patent/CN104834860B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101277272A (en) * | 2008-05-16 | 2008-10-01 | 北京航空航天大学 | A Realization Method of Massive Broadcasting Data Storage |
| CN102426582A (en) * | 2011-09-29 | 2012-04-25 | 用友软件股份有限公司 | Data operation management device and data operation management method |
| CN103678423A (en) * | 2012-09-26 | 2014-03-26 | 深圳市世纪光速信息技术有限公司 | Data file input system, device and method |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108874847A (en) * | 2017-12-26 | 2018-11-23 | 北京安天网络安全技术有限公司 | Matching process, device, electronic equipment and the storage medium of custom rule |
| CN109684329A (en) * | 2018-12-13 | 2019-04-26 | 高新兴科技集团股份有限公司 | A kind of method for managing resource based on data center apparatus |
| CN110263079A (en) * | 2019-05-31 | 2019-09-20 | 帷幄匠心科技(杭州)有限公司 | Data distribution enters library processing method and system |
| CN112182637A (en) * | 2019-07-04 | 2021-01-05 | 中移信息技术有限公司 | Safety control system, method, device and storage medium |
| CN111147521A (en) * | 2020-01-02 | 2020-05-12 | 深圳市高德信通信股份有限公司 | Enterprise private network security event management system |
| CN111190607A (en) * | 2020-01-02 | 2020-05-22 | 广州虎牙科技有限公司 | Task plug-in processing method and device, task scheduling server and storage medium |
| CN111147521B (en) * | 2020-01-02 | 2022-10-18 | 深圳市高德信通信股份有限公司 | Enterprise private network security event management system |
| CN111190607B (en) * | 2020-01-02 | 2024-02-09 | 广州虎牙科技有限公司 | Task plugin processing method and device, task scheduling server and storage medium |
| CN112506927A (en) * | 2020-12-04 | 2021-03-16 | 浪潮云信息技术股份公司 | Performance data storage method under cloud environment |
| CN114706918A (en) * | 2022-06-01 | 2022-07-05 | 杭州安恒信息技术股份有限公司 | A multi-type database compatible method, device, device and storage medium |
| CN114706918B (en) * | 2022-06-01 | 2022-09-16 | 杭州安恒信息技术股份有限公司 | A multi-type database compatible method, device, device and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104834860B (en) | 2018-01-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104834860A (en) | Dynamic warehousing method for security events | |
| CN102270225B (en) | Data change daily record method for supervising and data change daily record supervising device | |
| US7487173B2 (en) | Self-generation of a data warehouse from an enterprise data model of an EAI/BPI infrastructure | |
| CN102054025B (en) | Traffic information resource integration processing method and system | |
| Karnitis et al. | Migration of relational database to document-oriented database: Structure denormalization and data transformation | |
| CN101739436B (en) | XML-based flexible data migration method | |
| CN102254029B (en) | View-based data access system and method | |
| CN103853803A (en) | Database configuration file encapsulation method and operation method as well as operation device thereof | |
| CN106168965A (en) | Knowledge mapping constructing system | |
| CN103942228A (en) | Rule engine, calculating method, service system and calling method | |
| CN109299074B (en) | Data verification method and system based on templated database view | |
| CN101122854A (en) | Structured code automatic configuration method and device | |
| CN100517229C (en) | Data version upgrade method | |
| CN104615713A (en) | SQL executing method and device based on multiple database types | |
| CN104216961A (en) | Method and device for data processing | |
| CN103914290A (en) | Operating command processing method and device | |
| CN106557307A (en) | The processing method and processing system of business datum | |
| CN104951954A (en) | FMCG research system | |
| CN111881660A (en) | Report generation method and device, computer equipment and storage medium | |
| CN101174204A (en) | Device for upgrading data version | |
| CN102103513A (en) | Method for rapidly developing software by utilizing metadata and middleware | |
| CN102508832B (en) | Method for storing on-orbit data of spacecraft in unified way | |
| CN110879857B (en) | Tunnel operation data analysis method and system | |
| CN103198140A (en) | Database storage system and data storage method | |
| CN109684329B (en) | Resource management method based on data center equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| EXSB | Decision made by sipo to initiate substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: Fourth Mawei District, Fujian, Mawei District, the library of the second floor (FTA test area), 350000, Fuzhou Applicant after: FUJIAN LIUREN NETWORK SECURITY Co.,Ltd. Address before: No. 188 Taiwan AD Creative Park in Fuzhou city of Fujian Province, Xiufeng road 350012 4 Building 3 layer Applicant before: FUJIAN LIUREN NETWORK SECURITY Co.,Ltd. |
|
| COR | Change of bibliographic data | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20240321 Address after: F7-118, 6th Floor, Shenya Building, No. 47 Guomao Road, Longhua District, Haikou City, Hainan Province, 570100 Patentee after: Haikou Bomei Network Technology Co.,Ltd. Country or region after: China Address before: 350000 floor 4, Mawei library, Mawei District, Fuzhou City, Fujian Province (in the pilot Free Trade Zone) Patentee before: FUJIAN LIUREN NETWORK SECURITY Co.,Ltd. Country or region before: China |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20240710 Address after: Room 1006, Building 1, No. 12 Keji East Road, Jianping Village, Shangjie Town, Minhou County, Fuzhou City, Fujian Province 350100 Patentee after: Fujian Fenglin Tianbao Information Security Technology Co.,Ltd. Country or region after: China Address before: F7-118, 6th Floor, Shenya Building, No. 47 Guomao Road, Longhua District, Haikou City, Hainan Province, 570100 Patentee before: Haikou Bomei Network Technology Co.,Ltd. Country or region before: China |